Parents’ Bill of Rights for Data Privacy and Security
The Green Island Union Free School District is committed to ensuring student privacy in accordance with local, state and federal regulations and district policies. To this end and pursuant to U.S. Department of Education (DOE) regulations (Education Law §2-d), the district is providing the following Parents’ Bill of Rights for Data Privacy and Security:
Parents and eligible students can expect the following:
- A student’s personally identifiable information (PII) cannot be sold or released for any commercial purpose.
- The right to inspect and review the complete contents of the student’s education record stored or maintained by an educational agency.
- State and federal laws, such as NYS Education Law §2-d and the Family Educational Rights and Privacy Act, that protect the confidentiality of a student’s PII, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
- A complete list of all student data elements collected by NYSED is available for public review at www.nysed.gov/data-privacy-security, and by writing to:
Chief Privacy Officer
New York State Education Department
89 Washington Avenue
Albany, NY 12234
- The right to have complaints about possible breaches and unauthorized disclosures of student data addressed. If you would like to submit a complaint, please fill out this form. If you are unable to fill out the form, complaints may also be submitted to the District Privacy Officer, Tiffany Dzembo at email@example.com and/or (518) 273-1422. Complaints to SED can occur online, by mail to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234, by email to firstname.lastname@example.org, or by telephone at (518) 474-0937.
- To be notified in accordance with applicable laws and regulations if a breach or unauthorized release of their student’s PII occurs.
- Educational agency workers that handle PII will receive training on applicable state and federal laws, the educational agency’s policies, and safeguards associated with industry standards and best practices that protect PII.
- Educational agency contracts with vendors that receive PII will address statutory and regulatory data privacy and security requirements.
Additional Student Data Privacy Information
This bill of rights is subject to change based on regulations of the commissioner of education and the SED chief privacy officer, as well as emerging guidance documents from SED. For example, these changes/additions will include requirements for districts to share information about third-party contractors that have access to student data, including:
- How the student, teacher or principal data will be used;
- How the third-party contractors (and any subcontractors/ others with access to the data) will abide by data protection and security requirements;
- What will happen to data when agreements with third-party contractors expire;
- If and how parents, eligible students, teachers or principals may challenge the accuracy of data that is collected; and
- Where data will be stored to ensure security and the security precautions taken to ensure the data is protected, including whether the data will be encrypted.
If you would like more information, please contact Ms. Dzembo at (518) 273-1422. More information is also available on the following websites:
- NYS Data Privacy and Security website
- NYS Educational Law Section 2-D
- Family and Educational Rights and Privacy Act (FERPA)
- US Department of Education Protecting Student Privacy 101
- Information and Data Privacy, Security, Breach and Notification (BOE Policy 8635)
- Information and Data Privacy, Security, Breach and Notification (BOE Exhibit 8635-E)
- Information and Data Privacy, Security, Breach and Notification (BOE Regulation 8635-R)